GNU bug report logs -
#73742
[PATCH] gnu: librewolf: Update to 131.0.2-1 [security fixes].
Previous Next
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Fri, 11 Oct 2024 04:46:01 UTC
Severity: normal
Tags: patch
Done: Hilton Chain <hako <at> ultrarare.space>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Fri, 11 Oct 2024 18:50:36 +0800
with message-id <87plo63ocj.wl-hako <at> ultrarare.space>
and subject line Re: [bug#73742] [PATCH] gnu: librewolf: Update to 131.0.2-1 [security fixes].
has caused the debbugs.gnu.org bug report #73742,
regarding [PATCH] gnu: librewolf: Update to 131.0.2-1 [security fixes].
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
73742: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73742
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Updates the package and changes how the .desktop file is generated. The
.desktop file the package had been using was removed upstream.
Fixes:
CVE-2024-9391: Prevent users from exiting full-screen mode in Firefox Focus
for Android
CVE-2024-9392: Compromised content process can bypass site isolation
CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
CVE-2024-9394: Cross-origin access to JSON contents through multipart
responses
CVE-2024-9395: Specially crafted filename could be used to obscure download
type
CVE-2024-9396: Potential memory corruption may occur when cloning certain
objects
CVE-2024-9397: Potential directory upload bypass via clickjacking
CVE-2024-9398: External protocol handlers could be enumerated via popups
CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of
service
CVE-2024-9400: Potential memory corruption during JIT compilation
CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
Thunderbird 131, and Thunderbird 128.3
CVE-2024-9403: Memory safety bugs fixed in Firefox 131 and Thunderbird 131
CVE-2024-9680: Use-after-free in Animation timeline
* gnu/packages/librewolf.scm (librewolf): Update to 131.0.2-1.
Change-Id: I03f8a405c454a5bc3c8a1fc9f94d0ec9b41e92ec
---
gnu/packages/librewolf.scm | 35 +++++++++++++----------------------
1 file changed, 13 insertions(+), 22 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 31de7a7171..4b91132d9b 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -212,18 +212,18 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241005085731")
+(define %librewolf-build-id "20241010143544")
(define-public librewolf
(package
(name "librewolf")
- (version "130.0.1-1")
+ (version "131.0.2-1")
(source
(origin
(inherit (make-librewolf-source
#:version version
- #:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"
- #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd"))))
+ #:firefox-hash "05knnwfxqd3mb6a5y2yh73sn4g648dxnz9kpkmpj9madr55863h4"
+ #:librewolf-hash "1knx485kdjv8d0rn5ai1x1jp0403dvxz9m7lpim1y2d2ilyi26x7"))))
(build-system gnu-build-system)
(arguments
(list
@@ -619,33 +619,24 @@ (define (runpaths-of-input label)
(add-after 'wrap-program 'install-desktop-entry
(lambda* (#:key outputs #:allow-other-keys)
(let* ((desktop-file
- "taskcluster/docker/firefox-snap/firefox.desktop")
+ "toolkit/mozapps/installer/linux/rpm/mozilla.desktop")
(applications (string-append #$output
"/share/applications")))
(substitute* desktop-file
- (("^Exec=firefox")
+ (("^Exec=@MOZ_APP_NAME@")
(string-append "Exec="
#$output "/bin/librewolf"))
- ;; "Firefox" -> "LibreWolf" everywhere
- (("Firefox")
+ (("@MOZ_APP_DISPLAYNAME@")
"LibreWolf")
- ;; Remove non-Latin translations.
- (("^Name\\[(ar|bn)\\].*$")
- "")
- (("^Icon=.*")
+ (("@MOZ_APP_REMOTINGNAME@")
+ "LibreWolf")
+ (("^Icon=@MOZ_APP_NAME@")
(string-append "Icon="
#$output
- "/share/icons/hicolor/128x128/apps/librewolf.png
-"))
- ;; These commands were changed.
- (("-NewWindow")
- "-new-window")
- (("-NewPrivateWindow")
- "-new-private-window")
- (("StartupNotify=true")
- "StartupNotify=true\nStartupWMClass=LibreWolf"))
+ "/share/icons/hicolor/128x128/apps/librewolf.png")))
+
(copy-file desktop-file "librewolf.desktop")
- (install-file "librewolf.desktop" applications))))
+ (install-file "librewolf.desktop" (string-append applications)))))
(add-after 'install-desktop-entry 'install-icons
(lambda* (#:key outputs #:allow-other-keys)
(let ((icon-source-dir (string-append #$output
--
2.46.0
[Message part 3 (message/rfc822, inline)]
Hi Ian, and Rutherther, thank you for the review.
Applied as cdb262e993a2ffdf49f7995cc12fa523d4578c05 with changes mentioned in my
previous mail.
Thanks
This bug report was last modified 219 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.